Vitalik Buterin says AI combined with formal verification could strengthen blockchain security against bugs and cyberattacks.
Ethereum News
Ethereum (ETH) co-founder Vitalik Buterin argues that pairing AI-generated code with mathematically verified software could make blockchain networks more resistant to bugs and AI-assisted attacks. He laid out the case in a lengthy blog post published May 18.
Formal verification is a method that uses mathematical proofs to confirm that software behaves exactly as its designers intended. The technique dates back to foundational research in the 1950s and 1960s. Buterin said recent advances in AI are now making it more practical for developers working at scale.
Why Crypto Infrastructure Is at Risk
Buterin cited developer Yoichi Hirai's description of the approach as the "final form of software development." He wrote that, done correctly, it could produce both highly efficient code and stronger security than conventional programming methods allow. He specifically named quantum-resistant signatures, STARKs, consensus algorithms, and zero-knowledge EVMs as areas where formal verification could have the most impact.
The post addressed a concern held by some security researchers that increasingly complex AI-generated code may become impossible to audit fully. Buterin disagreed. He wrote that formal verification gives users a precise and limited set of statements to check, rather than requiring them to review an entire codebase.
The timing of the post coincides with growing concern about AI-powered cyberattacks. Anthropic restricted access to its cybersecurity-focused Claude Mythos model after testing showed it could autonomously identify and exploit software vulnerabilities. The model flagged 271 vulnerabilities in Mozilla Firefox during internal testing in April 2026. Researchers at the UK AI Security Institute also found that OpenAI's GPT-5.5 has demonstrated advanced offensive cyber capabilities.
Smart contract exploits have already produced steep financial losses across the crypto industry. In April 2026, attackers linked to North Korea's Lazarus Group drained $292 million worth of tokens from Kelp DAO's infrastructure by compromising internal systems used by LayerZero Labs. North Korean state-sponsored hackers are estimated to have stolen more than $6 billion in cryptocurrency in total to date.
Buterin acknowledged that formal verification is not a complete solution. It cannot catch errors stemming from verified incorrect assumptions, overlooked hardware vulnerabilities, or unchecked sections of a system. He argued instead for keeping a well-verified "secure core" as small as possible and protecting it with the strictest available tools, while accepting that peripheral code will always carry more risk.
This article contains links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of CoinMarketCap, and CoinMarketCap is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. CoinMarketCap is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by CoinMarketCap of the site or any association with its operators. This article is intended to be used and must be used for informational purposes only. It is important to do your own research and analysis before making any material decisions related to any of the products or services described. This article is not intended as, and shall not be construed as, financial advice. The views and opinions expressed in this article are the author’s [company’s] own and do not necessarily reflect those of CoinMarketCap.
